Dark Reading

Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...
Infosecurity-magazine.com

Malicious PyPI Packages Use Compiled Python Code to Bypass Detection

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first ...
Infosecurity-magazine.com

Lazarus Group Targets Developers in Fresh VMConnect Campaign

Lazarus Group has been observed continuing its VMConnect campaign by targeting developers with new malicious software packages on open source repositories, according to ReversingLabs. The researchers ...
CSOonline

Fake recruitment campaign targets developers using trojanized Python packages

The number of attacks looking to compromise developer machines has exploded in recent years. There has been a barrage of malicious packages uploaded to public registries such as PyPi and npm, ...
it-daily.net

Critical security vulnerability on Docker Hub

A Vulnerability on Docker Hub allowed admin access to the Python Package Index (PyPI) and the injection of malicious code. The JFrog Security Research Team recently identified and mitigated a critical ...